An improper handling of web requests was found in Microsoft Outlook Web Access. By exploiting this vulnerability malicious users can gain privileges. A successful exploit allows attackers to perform content/script injection attacks, make user disclose sensitive information. This vulnerability can be exploited remotely via a specially designed email containing a malicious link.

Microsoft Exchange Server 2013 Service Pack 1
Microsoft Exchange Server 2013 Cumulative Update 14
Microsoft Exchange Server 2016 Cumulative Update 3

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

4012178